I want to apologize to Kern and to the list for being mistaken and for
pushing my mistaken point of view too far.
It turns out that greylisting can cause problems with list serves, and
sourceforge, which hosts the bacula list, does do callbacks to verify
email addresses. These callbacks and greylisting can get tangled up in
one another and result in difficulties with messages going through. So
it probably is worthwhile to whitelist sourceforge.
David Romerstein sent me the link to the sourceforge documentation on
exactly what they do:
http://sourceforge.net/docman/display_doc.php?docid=6695&group_id=1#et_sender_validation
With that information, I was able to find the interaction in my mail
logs. I must say that just one of my mail servers generates over a
million lines of logging every day. So reading log files is a pattern
matching exercise. The interactions for one mail message to the bacula
list were spread out over an hour of time and separated by thousands of
lines of other log messages. What I found is that my server contacts the
sourceforge server indicating it has a message to deliver. Shortly, the
sourceforge server contacts my server with a callback attempting to
validate a null sender going back to my email address. If either the
null sender or my email address fail, then sourceforge will fail my
message. What happened was that my server greylisted the sourceforge
callback. That appeared again in the logs as a greylist of my own
message. Then, although my greylisting period was only 2 minutes,
sourceforge took more than an hour to try again. That is likely related
to the dynamics of how busy the sourceforge server is. Anyway, when they
tried the callback again, it was accepted, and my message went through.
So, there is a lot of dancing back and forth there. If either server had
some sort of misconfiguration, the interaction could fail, and the
message would not go through. Because of this, milter-greylist has an
option "delayedreject" that will wait to reject messages until the data
phase (instead of the rcpt phase), just so that it doesn't get tripped
up by callbacks. If you use milter-greylist, this option is described in
`man greylist.conf`.
In one other instance, I saw 2 callbacks -- One to confirm the null
sender and my address, and another to confirm that I had postmaster. I'm
not sure why that didn't show up in the other example. I did search for it.
So, again, let me apologize for pushing a mistaken point of view and
offer the information in this message as a contribution to the smooth
communication among the list participants.
And thanks to David for pointing out the information on sourceforge.
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<[EMAIL PROTECTED]>
---------------
Erdös 4
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users
